Engineering method and establishing system

ABSTRACT

An engineering method for establishing an engineering system includes establishing the engineering system in a virtual system by performing a communication and permitting an access to the virtual system via an internet, the communication being performed by using a service which is provided via the internet, the service being used by a first communication system which is connected to the internet, the virtual system being disposed in the first communication system, and the virtual system virtually implementing the engineering system, and inspecting the engineering system by performing an access to an inspection system via a virtual private network, the access is performed by a second communication system which is connected to the virtual private network, the inspection system being disposed in the second communication system, and the inspection system inspecting operations of the engineering system which is established in the virtual system.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The disclosure relates to an engineering method and an establishingsystem.

Priority is claimed on Japanese Patent Application No. 2014-080914,filed Apr. 10, 2014, the contents of which are incorporated herein byreference.

2. Description of Related Art

In a plant and a factory, so as to implement an advanced and secureautomatic operation, various types of systems (engineering systems) suchas a DCS (Distributed Control System) and an SIS (Safety InstrumentSystem) are installed. A client (for example, a contractee), anengineering company (for example, a contractor), and a third vendor (athird party) have a meeting thoroughly and inspect the engineeringsystem in the presence of them from an early phase of a systemestablishment to when the system establishment is completed. This makesthe engineering systems be established.

Specifically, as shown in FIG. 11, the engineering system is establishedthrough three phases described below. FIG. 11 is a drawing illustratingthe phases performed for establishing the engineering system.

(1) FEED (Front End Engineering Design) Phase

In a feed phase, the client, the engineering company, and the thirdvendor examine technical problems, estimated costs, and so on whilekeeping close contacts with each other, so as not to be changedsignificantly in an engineering phase which is next to the feed phase.In the feed phase, it is usually the case that the client always staysin the engineering company and the various types of examinationdescribed above are conducted.

(2) Engineering Phase

In an engineering phase, a basic design (BD) and a detailed design (DD)are conducted, hardware is ordered, software is programed, and anoperation test (Internal Test: IT) is conducted. In the engineeringphase, it is often the case that the client checks. Also, in theengineering phase, the concerned parties (the client, the engineeringcompany, and the third vendor) get together in one place, and a factoryacceptance test (FAT) for inspecting software and hardware in thepresence of the concerned parties is conducted.

(3) Site Activity Phase

In a site activity phase, the concerned parties get together in anactual plant, and a site acceptance test (SAT) for testing an operationof the engineering system installed in the plant is conducted.Thereafter, a performance inspection (Commissioning) is conducted. InJapanese Unexamined Patent Application Publication No. 2002-74240, anexample of a method for implementing a conventional instrumentationengineering system is disclosed.

Conventionally, the concerned parties basically get together in oneplace so as to conduct the meeting and the inspection in the presence ofthe concerned parties. In a case where the concerned parties cannot gettogether in one place, they exchange messages and files by e-mail and aFTP (File Transfer Protocol) server so as to communicate with eachother. Recently, it is often the case that they communicate with eachother by using a remote access (a technology for connecting to acomputer from outside and operating the computer), for example, byaccessing a computer in the engineering company.

However, the conventional method described above has problems describedbelow with respect to each phases.

(1) Feed Phase

-   -   Because there is a need to have thorough meetings, engineers are        required to work for a long time.    -   Computers and network environments for inspecting the system are        needed.

(2) Engineering Phase

-   -   There is a need for the concerned parties to get together in one        place, and much travel expenses and much traveling time are        needed.    -   An additional system for testing is needed until a target system        is completed.    -   A large space for staging is needed when the inspection is        conducted in the presence of the concerned parties.    -   In a case of using the remote access, there is a possibility of        getting a malware and being hacked. Also, because the display of        the computer is occupied, it is difficult to know the operation        from outside, and the response is slow.    -   A test of communicating with the third vendor cannot be        conducted.

(3) Site Activity Phase

-   -   Skilled engineers have been held for a long time.    -   Long time is needed to understand a situation of field site.

SUMMARY

An engineering method for establishing an engineering system may includeestablishing the engineering system in a virtual system by performing acommunication and permitting an access to the virtual system via aninternet, the communication being performed by using a service which isprovided via the internet, the service being used by a firstcommunication system which is connected to the internet, the virtualsystem being disposed in the first communication system, and the virtualsystem virtually implementing the engineering system, and inspecting theengineering system by performing an access to an inspection system via avirtual private network, the access is performed by a secondcommunication system which is connected to the virtual private network,the inspection system being disposed in the second communication system,and the inspection system inspecting operations of the engineeringsystem which is established in the virtual system.

Further features and aspects of the present disclosure will becomeapparent from the following detailed description of exemplaryembodiments with reference to the attached drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a drawing illustrating a communication system which is used bythe engineering method and the establishing system in the presentembodiment.

FIG. 2 is a drawing illustrating the communication system CS1 used inthe engineering method and the establishing system in the presentembodiment.

FIG. 3 is a drawing illustrating a connection situation of the virtualsystem which is used in the present embodiment.

FIG. 4 is a drawing illustrating the communication system CS2 used inthe engineering method and the establishing system in the presentembodiment.

FIG. 5 is a drawing illustrating the step system SP in the presentembodiment.

FIG. 6 is a drawing illustrating a migration of the virtual image of thevirtual system used in the present embodiment.

FIG. 7 is a drawing illustrating the communication system CS3 used inthe engineering method and the establishing system in the presentembodiment.

FIG. 8 is a drawing illustrating a communication by a televisionconference with voice and video.

FIG. 9A is a drawing illustrating an example of a display screen of thepresent embodiment when the factory acceptance test is conducted.

FIG. 9B is a drawing illustrating an example of a display screen of theold way when the factory acceptance test is conducted.

FIG. 10 is a drawing illustrating an example of an image data used in aninspection of hardware in the present embodiment.

FIG. 11 is a drawing illustrating phases which are conducted so as toestablish the engineering system.

DETAILED DESCRIPTION OF THE EMBODIMENTS

The embodiments of the present invention will be now described hereinwith reference to illustrative preferred embodiments. Those skilled inthe art will recognize that many alternative preferred embodiments canbe accomplished using the teaching of the present invention and that thepresent invention is not limited to the preferred embodimentsillustrated herein for explanatory purposes.

An aspect of the present invention is to provide an engineering methodand an establishing system which can implement an environment in whichthe concerned parties can virtually get together in one place andvirtually conduct meetings, engineering works, and inspecting theengineering system in the presence of the concerned parties, even if theconcerned parties are in a remote location.

Embodiments of the engineering method will be described below, withreferences made to the drawings. FIG. 1 is a drawing illustrating acommunication system which is used by the engineering method and theestablishing system in the present embodiment. As shown in FIG. 1, inthe present embodiment, when the engineering system is established,three communication systems CS1 to CS3 which are different from eachother are used sequentially.

General Description of the Communication Systems CS1 to CS3

The communication system CS1 is used at the basic design (BD), thedetailed design (DD), and the internal test (IT) in the feed phase andthe engineering phase which are shown in FIG. 11. The communicationsystem CS1 is used at an early phase of establishing the engineeringsystem. The communication system CS1 is used to virtually implement theengineering system, which is to be established, on a virtual system VSwhile keeping close contacts with a client A, an engineering company B,a third vendor and EPC (Engineering Procurement Construction).Hereinbelow, so as to describe simply, the third vendor and the EPC arereferred to as “third vendor C”.

The communication system CS2 is used at the factory acceptance test(FAT) in the engineering phase shown in FIG. 11. The communicationsystem CS2 implements the engineering system, which is virtuallyestablished by the communication system CS1, as a target system TS.Specifically, the target system TS is implemented by installing theengineering system, which is ordered by the client A, in a FAT area in abase of the engineering company B, and connecting the installedengineering system to a corporate network. Although details will bedescribed later, display contents of the target system TS and thevirtual system VS are shown in FIG. 9A. The communication system CS2 isused to implement the environment in which the client A, the engineeringcompany B, and the third vendor C, which are in a remote location,virtually get together in one place and virtually inspect theengineering system in the presence of the concerned parties.

The communication system CS3 is used in the site activity phase shown inFIG. 11. The communication system CS3 is used at an end phase ofestablishing the engineering system. The communication system CS3 isused to examine an actual engineering system (a plant system PS), whichis actually established, while keeping close contacts with a client A,an engineering company B, a third vendor C.

Detail Descriptions of the Communication System CS1 FIG. 2 is a drawingillustrating the communication system CS1 used in the engineering methodand the establishing system in the present embodiment. As shown in FIG.2, in the communication system CS1, the client A, bases b1 to b3 in theengineering company B, and the third vendor C are connected to eachother via the internet (first network) N. The client A, the bases b1 tob3 in the engineering company B, and the third vendor C can communicateby using various types of services (internet cloud services) which areprovided via the internet N.

As the internet cloud services, for example, a mail service, an IPtelephone service, a file sharing service, an instant messaging service,and a television conference service are taken. More specifically,computers and networks in the client A, the bases b1 to b3 in theengineering company B, and the third vendor C are connected to thenetwork N. However, for descriptive purposes, it is described in thepresent embodiment that the client A, the bases b1 to b3 in theengineering company B, and the third vendor C are connected to thenetwork N.

As shown in FIG. 2, a communication system 10 (a first communicationsystem) which has a corporate network N1 connecting between the bases b1to b3 and a virtual system VS is disposed in the engineering company B.The bases b1 to b3 are such bases as a development base, a productionbase, a sales base, or other bases which are established in Japan orforeign countries. For the reason, the corporate network N1 isestablished as a WAN (Wide Area Network).

Terminal devices (for example, terminal devices 11 and 12 shown in FIG.3) are disposed in the bases b1 to b3. The terminal devices areconnected to the internet N and the corporate network N1, and theterminal devices can access the virtual system VS. The client A and thethird vendor C cannot directly access the virtual system VS which isdisposed in the engineering company B. However, in a case where theclient A and the third vendor C are allowed by an engineer who operatesthe terminal devices 11 and 12 which are disposed in the bases b1 to b3,the client A and the third vendor C can indirectly access the virtualsystem VS via the terminal devices 11 and 12 which are operated by theengineer.

The virtual system VS is a system for virtually implementing anengineering system (for example, a distributed control system) which isto be established, and for implementing an engineering environment oftarget-less. The virtual system VS runs a guest OS (Operating System)and applications on a virtual machine VM. The guest OS is used by theengineering system which is to be established. For example, theapplication is a program for implementing the distributed controlsystem.

FIG. 3 is a drawing illustrating a connection situation of the virtualsystem which is used in the present embodiment. As shown in FIG. 3, soas not to be affected by other networks (for example, an office network)which is established in the engineering company B, the virtual system VSis established to be connected to a virtual networks VN1 and VN2. Theterminal devices (the terminal devices 11 and 12 shown in FIG. 3), whichare disposed in the bases b1 to b3, are connected to the virtual systemVS by using an SSL-VPN (Secure Sockets Layer-Virtual Private Network).

For the reason, the terminal devices 11 and 12 can access the virtualsystem VS as terminal devices (terminal devices 11 a and 12 a shown inFIG. 3) which are virtually connected to the virtual networks VN1 andVN2 respectively. The virtual networks are divided for projects so as toestablish a network environment which is more secure, and a same IPaddress architecture can be established. However, necessary externalconnections are permitted so as to apply a patch of the operating systemand antivirus.

Detail Descriptions of the Communication System CS2

FIG. 4 is a drawing illustrating the communication system CS2 used inthe engineering method and the establishing system in the presentembodiment. As shown in FIG. 4, in the communication system CS2, theclient A, the bases b1 to b3 and a target system TS (or the virtualsystem VS1) in the engineering company B, and the third vendor C areconnected to each other via a private line (second network) N2. Forexample, the private line N2 is a virtual private network. The privateline N2 is established by using an IP-VPN (Internet Protocol - VirtualPrivate Network). The private line N2 is separated from a network (forexample, an office network) which is established by the client A, theengineering company B, and the third vendor C.

The private line N2 is connected to the internet N so that the serviceswhich are provided from the private line N2 via the internet N can beaccessed, and the access from the internet N to the private line N2 isinhibited. That is, although the access from the private line N2 to theinternet N can be permitted in a limited way, the access from theinternet N to the private line N2 is inhibited. This access control isperformed so that the communication between the client A, theengineering company B, and the third vendor C can be implementedappropriately, and an unauthorized access from the internet N to thetarget system TS via the private line N2 can be inhibited.

As shown in FIG. 4, a communication system 20 (a second communicationsystem) is disposed in the engineering company B. The communicationsystem 20 is connected to the private line N2 and equipped with thetarget system TS (an inspection system). The target system TS is asystem for inspecting the operation of the engineering system which isvirtually established in the virtual system VS shown in FIG. 2. Avirtual system VS1, which is the same as the virtual system VS shown inFIG. 2, can be established along with the target system TS before thetarget system TS is completed.

In the communication system 20, a step system SP (a relay system) isdisposed between the private line N2 and the target system (or thevirtual system VS 1). The step system SP is disposed so as to convertbetween a communication protocol used by the private line N2 and acommunication protocol used by the communication system 20. Also, thestep system SP is disposed so as to improve security when the client A,the bases b1 to b3 in the engineering company B, and the third vendor Cperform remote access to the target system TS.

Specifically, because the communication via the private line N2 has aproblem of delay in accordance with a distance, UDP (User DatagramProtocol) is used as a communication protocol. On the other hand,different from the communication via the private line N2, because thecommunication system 20 does not have the problem of delay, TCP/IP(Transmission Control Protocol/Internet Protocol) is used as acommunication protocol. The step system SP converts between UDP andTCP/IP.

The step system SP censors the remote access from the client A, thebases b1 to b3 in the engineering company B, and the third vendor C tothe target system TS (or the virtual system VS1) via the private lineN2, so that it can be prevented that the target system TS is infectedwith a malware and hacked. That is, the step system SP indirectlyperforms the remote access from the client A, the bases b1 to b3 in theengineering company B, and the third vendor C to the target system TS(or the virtual system VS1).

FIG. 5 is a drawing illustrating the step system SP in the presentembodiment. As shown in FIG. 5, the step system SP is equipped with afirewall 21, terminal devices 22 a to 22 c, and a screen output terminal23. Terminal devices PC1 to PC3 shown in FIG. 5 are terminal deviceswhich are disposed in the client A, the bases b1 to b3 in theengineering company B, and the third vendor C.

The firewall 21 is disposed between the private line N2 and the targetsystem TS. The firewall 21 inhibits a direct communication between theterminal devices PC1 to PC3 and the target system TS. However, thefirewall 21 permits a communication between the terminal devices PC1 toPC3 and the terminal devices 22 a to 22 c, and the firewall 21 permits acommunication between the terminal devices 22 a to 22 c, the screenoutput terminal 23, and the target system TS, so as to implement theindirect remote access from the terminal devices PC1 to PC3 to thetarget system TS.

The terminal devices 22 a to 22 c are disposed so that the terminaldevices 22 a to 22 c receive the remote access from the terminal devicesPC1 to PC3 and implement the indirect remote access. The terminaldevices 22 a to 22 c correspond to the terminal devices PC1 to PC3respectively. That is, the terminal devices 22 a to 22 c are disposed inaccordance with a number of the client A, the bases b1 to b3 in theengineering company B, and the third vendor C which are to access thetarget system TS.

The screen output terminal 23 makes a copy (screen copy) of displaycontents of the target system TS which is to display on the terminaldevices 22 a to 22 c, and the screen output terminal 23 transmits thecopy to the terminal devices 22 a to 22 c. The screen output terminal 23is disposed so as to share the display contents of the target system TSamong the client A and the others performing the remote access to theterminal devices 22 a to 22 c by using the terminal devices PC1 to PC3.

The terminal devices PC1 to PC3, which perform the remote access to theterminal devices 22 a to 22 c, display the same contents as the contentsdisplayed on the terminal devices 22 a to 22 c. For the reason, in acase where the screen output terminal 23 displays the display contentsof the target system TS on the terminal devices 22 a to 22 c, the clientA and the others using the terminal devices PC1 to PC3 can share thedisplay contents of the target system TS.

The screen output terminal 23 is disposed so as to prevent the targetsystem TS from being operated improperly. In conventional way, theterminal device receives the remote access, and the screen of theterminal device is occupied (for example, occupied by a logon screen).For the reason, it is difficult for a person on the outside to know thecontents of the remote access. On the other hand, by disposing thescreen output terminal 23, the display contents of the target system TSare displayed on the terminal devices 22 a to 22 c which received theremote access. Therefore, improper operations with respect to the targetsystem TS can be prevented.

The virtual system VS1 is implemented by moving (migrating) a program (avirtual image), which implements the engineering system which isvirtually implemented on the virtual system VS shown in FIG. 2, to acomputer disposed in the communication system 20. FIG. 6 is a drawingillustrating a migration of the virtual image of the virtual system usedin the present embodiment. As shown in FIG. 6, the virtual image of thevirtual system VS is migrated via a management network MN which ismanaged by a management computer PC, and a firewall FW is connected tothe management network MN.

In the communication system CS2 shown in FIG. 4, if necessary, acommunication test can be conducted by connecting a subsystem D to thethird vendor C. In the communication system CS2 shown in FIG. 4, in acase where an environment of the internet N is good and a lot of costsare needed to connect to the private line N2, as the EPC shown in FIG.4, the connection to the private line N2 by the internet-VPN may beallowed.

Detail Descriptions of the Communication System CS3

FIG. 7 is a drawing illustrating the communication system CS3 used inthe engineering method and the establishing system in the presentembodiment. As shown in FIG. 7, in the communication system CS3, incommon with the communication system CS1 shown in FIG. 2, the client A,the bases b1 to b3 in the engineering company B, and the third vendor Care connected to each other via the internet N. The client A, the basesb1 to b3 in the engineering company B, and the third vendor C cancommunicate by using the internet cloud services which are provided viathe internet N.

As shown in FIG. 7, a communication system 30 (a third communicationsystem) which has a client network N3 connecting between the client Aand the plant system PS is disposed in the communication system CS3. Incommon with the corporate network Ni shown in FIG. 2, the client networkN3 is established as the WAN. Although not shown in the drawing,terminal devices are disposed in the client A. The terminal devices areconnected to the internet N and the client network N3, and the terminaldevices can access the plant system PS.

The communication system 30 is equipped with a fire wall 31 and a DMZ(DeMilitarized Zone) system 32 which are disposed between the clientnetwork N3 and the plant system PS. So as to maintain the security, thefirewall 31 inhibits a direct communication from the client network N3to the plant system PS, and the firewall 31 inhibits a communicationfrom the plant system PS to the internet cloud services.

However, the firewall 31 permits a communication from the client networkN3 to the DMZ system 32, and the firewall 31 permits a communicationbetween the DMZ system 32 and the plant system PS, so as to implementthe indirect access from the client network N3 to the plant system PS.The DMZ system 32 is disposed so as to prevent an unauthorized accessfrom the client network N3 to the plant system PS.

Because the bases b1 to b3 in the engineering company B and the thirdvendor C cannot basically access to the communication system 30 via theinternet N, the bases b1 to b3 and the third vendor C cannot access tothe plant system PS. However, in a case where the bases b1 to b3 in theengineering company B and the third vendor C obtain a permission fromthe client A, the bases b1 to b3 and the third vendor C can access tothe plant system PS via a terminal device (not shown) disposed in theclient A.

Engineering Method

Next, an engineering method in which the communication systems CS1 toCS3 are used will be described. In a case of establishing theengineering system, as shown in FIG. 1, the basic design (BD), thedetailed design (DD), and the internal test (IT) in the feed phase andthe engineering phase are sequentially conducted by using thecommunication system CS1 (first step).

Specifically, the client A, the engineering company B, and the thirdvendor C communicate with each other by using the services which areprovided via the internet N (refer to FIG. 2), and the client A, theengineering company B, and the third vendor C examine technical problemsof the engineering system, which is to be established in the virtualsystem VS, estimated costs, and so on, so that the basic design and thedetailed design are conducted. Thereafter, hardware is ordered, softwareis programed, and the engineering system is virtually established in thevirtual system VS so as to conduct the operation test.

At this time, the client A and the third vendor C obtain permission fromengineers operating the terminal devices (terminal devices 11 and 12shown in FIG. 3) disposed in the bases b1 to b3, and the client A andthe third vendor C indirectly access to the virtual system VS via theterminal devices 11 and 12 which are operated by the engineer.Thereafter, the software is programed, the engineering system isvirtually established in the virtual system VS, and the operation testis conducted, while the client A and the third vendor C indirectlyaccess to the virtual system VS.

FIG. 8 is a drawing illustrating a communication by a televisionconference with voice and video. FIG. 8 shows a situation, in which theclient A, the bases b 1 to b3 in the engineering company B, and thethird vendor C communicate with each other by the television conferencewith voice and video. As shown in FIG. 8, images of the client A, thebases b1 to b3 in the engineering company B, and the third vendor C aredisplayed on each display of the terminal devices which are disposed inthe bases b1 to b3 in the engineering company 13 and the third vendor C.The client A, the bases b1 to b3 in the engineering company B, and thethird vendor C communicate with each other with voice while referring tothe images displayed on the each terminal device. The images displayedon the each terminal device are merely an example, and the images may bechanged as required.

Next, as shown in FIG. 1, a factory acceptance test (FAT) in theengineering phase is conducted by using the communication system CS2(second step). Specifically, the client A, the bases b1 to b3 in theengineering company B, and the third vendor C access (remotely access)to the target system TS in the engineering company B via the privateline N2 (referring to FIG. 4) so as to inspect the target system TS.

At this time, by the action of the firewall 21 in the step system SPshown in FIG. 5, the terminal devices 22 a to 22 c accept the remoteaccess from the client A, the bases b1 to b3 in the engineering companyB, and the third vendor C to the target system TS. Therefore, the clientA, the bases b1 to b3 in the engineering company B, and the third vendorC can indirectly access to the target system TS via the terminal devices22 a to 22 c, and the target system TS can be inspected.

When the target system TS is accessed, the screen output terminal 23disposed in the step system SP transmits display contents of the targetsystem TS to the terminal devices 22 a to 22 c. The terminal devices 22a to 22 c receive the display contents of the target system TS, and theterminal devices 22 a to 22 c display the received display contents ofthe target system TS on each display of the terminal devices 22 a to 22c. Thereafter, the display contents of the target system TS are alsodisplayed on the terminal devices (the terminal devices PC1 to PC3(shown in FIG. 5) which is used by the client A, the bases b1 to b3 inthe engineering company B, and the third vendor C) which perform theremote access to the terminal devices 22 a to 22 c. Therefore, thedisplay contents of the target system TS are shared among the client A,the bases b1 to b3 in the engineering company B, and the third vendor C.

FIG. 9A is a drawing illustrating an example of a display screen of thepresent embodiment when the factory acceptance test is conducted. FIG.9B is a drawing illustrating an example of a display screen of the oldway when the factory acceptance test is conducted. In FIG. 9A, thedisplay screen W11 is a display screen of the terminal device (forexample, the terminal device 23 shown in FIG. 5). The terminal device(for example, the terminal device 22 a in FIG. 5), which accepts theremote access, displays a copy image of the display screen W11. Thedisplay screen W12 is a display screen of the terminal device (forexample, the terminal device PC1 shown in FIG. 5) which performs theremote access.

Because the display screen W11 is the same as the display screen W12,the display contents of the target system TS can be checked by both theterminal device performing the remote access and the terminal deviceaccepting the remote access. Therefore, in the present embodiment, theclient A, the bases b1 to b3 in the engineering company B, and the thirdvendor C, which are in a remote location, can check the display contentsof the target system TS by referring to the display screen W12 of theterminal device which performs the remote access. Also, in the presentembodiment, the engineer in the engineering company 13 can check whetheran operation with respect to the target system TS is improper or not byreferring to the display screen W11 of the terminal device which acceptsthe remote access.

In FIG. 9B, the display screen W21 is a display screen of the terminaldevice which accepts the remote access, and the display screen W22 is adisplay screen of the terminal device which performs the remote access.Although the display screen W22 is the same as the display screen W12shown in FIG. 9A, the display screen W21 is a logon screen. As describedabove, in the old way, the display screen which accepts the remoteaccess is occupied, and the display contents of the target system TScannot be checked. For the reason, different from the presentembodiment, it is difficult for the engineer in the engineering companyB to check whether an operation with respect to the target system TS isimproper or not.

In the communication system CS2, although the access from the internet Nto the private line N2 is inhibited, the access from the private line N2to the services which are provided via the internet N is permitted. Forthe reason, the client A, the engineering company B, and the thirdvendor C can communicate with each other by using the services which areprovided via the internet N.

FIG. 10 is a drawing illustrating an example of an image data used in aninspection of hardware in the present embodiment. For example, as shownin FIG. 10, in a case where the image data (a still image or a movingimage) is uploaded to the file sharing service which is provided via theinternet N, the client A, the engineering company B, and the thirdvendor C can inspect (appearance check, and numerical check) of thehardware in presence of the concerned parties by accessing the filesharing service.

In a case where a real time moving image is necessary, such as a case ofa system check of hardware, a moving image of a video camera may beshared, and the moving image may be changed in accordance with aninstruction of the client A, the bases b1 to b3 in the engineeringcompany B, and the third vendor C. In this case, it is more effective touse a streaming technology for the real time moving image so as not todelay the upload of the moving image.

After the factory acceptance test (FAT) in the engineering phasedescribed above is finished, as shown in FIG. 1, the site activity phaseis conducted by using the communication system CS3 (third step).However, in the site activity phase, because the plant system PSestablished in the plant is connected to the internet N via the clientnetwork N3 (referring to FIG. 7), the site activity phase, in which thecommunication system CS3 is used, is conducted only when the permissionfrom the client A is obtained.

Specifically, the bases b1 to b3 in the engineering company B and thethird vendor C obtain the permission from the client A, and the bases b1to b3 and the third vendor C indirectly access to the plant system PSvia the terminal device (not shown) which is used in the client A.Thereafter, the bases b1 to b3 in the engineering company B and thethird vendor C perform the site acceptance test (SAT) and theperformance inspection (Commissioning) while indirectly accessing to theplant system PS.

In the communication system CS3, the client A, the bases b1 to b3 in theengineering company B, and the third vendor C are also connected to theinternet N. For the reason, the client A, the bases b1 to b3 in theengineering company B, and the third vendor C can communicate with eachother by using the services which are provided via the internet N.

As described above, in the present embodiment, in the basic design (BD),the detailed design (DD), and the internal test (IT) in the feed phaseand the engineering phase, the communication is performed by using theservices which are provided via the internet N. Further, the access tothe virtual system VS via the internet N is permitted, and theengineering system is established in the virtual system VS.

In the factory acceptance test (FAT) in the engineering phase, by usingthe communication system CS2, the target system TS is accessed via theprivate line N2 so as to inspect the target system TS. Further, in thesite activity phase, by using the communication system CS3, thecommunication is performed by using the services which are provided viathe internet N, and the access to the plant system PS via the internet Nis permitted, so as to conduct the test with respect to the plant systemPS.

For the reason, the present embodiment provides following benefits atthe each phase.

(1) Feed Phase

-   -   Because thorough meetings can be conducted from remote        locations, the working hours of the engineer can be shorter.    -   By introducing the virtual system VS, the inspection of the        system can be conducted easily in the feed phase.

(2) Engineering Phase

-   -   Because there is no need to get together in one place to        inspect, travel expenses can be reduced significantly.    -   Because the system can be established in the virtual system VS,        an engineering efficiency can be improved.    -   A large space for staging is unnecessary when the inspection is        conducted in the presence of the concerned parties.    -   By using the step system SP, when the remote access is        performed, infection of a malware and hacking can be prevented,        operations from outside can be known, and behavior of the system        can be better.    -   The communication test with respect to the third vendor can be        conducted.

(3) Site Activity Phase

-   -   Skilled engineers in remote locations can easily understand the        situation of the field site, and the working hours of the        skilled engineers can be shorter.

Although the engineering method and the establishing system according tothe embodiments of the present invention have been described above, thepresent invention is not restricted to the above-described embodiments,and can be freely modified within the scope thereof For example,although the foregoing descriptions of the embodiments have beenexamples in which the engineering system is established as thedistributed control system, the present invention can be applied to asafety instrumented system and other systems.

As used herein, the following directional terms “forward, rearward,above, downward, right, left, vertical, horizontal, below, transverse,row and column” as well as any other similar directional terms refer tothose directions of an apparatus equipped with the present invention.Accordingly, these terms, as utilized to describe the present inventionshould be interpreted relative to an apparatus equipped with the presentinvention.

The term “configured” is used to describe a component, unit or part of adevice includes hardware and/or software that is constructed and/orprogrammed to carry out the desired function.

Moreover, terms that are expressed as “means-plus function” in theclaims should include any structure that can be utilized to carry outthe function of that part of the present invention.

The term “unit” is used to describe a component, unit or part of ahardware and/or software that is constructed and/or programmed to carryout the desired function. Typical examples of the hardware may include,but are not limited to, a device and a circuit.

While preferred embodiments of the present invention have been describedand illustrated above, it should be understood that these are examplesof the present invention and are not to be considered as limiting.Additions, omissions, substitutions, and other modifications can be madewithout departing from the scope of the present invention. Accordingly,the present invention is not to be considered as being limited by theforegoing description, and is only limited by the scope of the claims.

What is claimed is:
 1. An engineering method for establishing anengineering system comprising: establishing the engineering system in avirtual system by performing a communication and permitting an access tothe virtual system via the Internet, the communication being performedby using a service which is provided via the Internet, the service beingused by a first communication system which is connected to the Internet,the virtual system being disposed in the first communication system, andthe virtual system virtually implementing the engineering system; andinspecting the engineering system by performing an access to aninspection system via a virtual private network, the access is performedby a second communication system which is connected to the virtualprivate network, the inspection system being disposed in the secondcommunication system, and the inspection system inspecting operations ofthe engineering system which is established in the virtual system. 2.The engineering method according to claim 1, wherein the access to theinspection system via the virtual private network is indirectlyperformed by a relay system which is disposed in the secondcommunication system and accesses to the inspection system.
 3. Theengineering method according to claim 2, further comprising:transmitting, by the inspection system, display contents displayed onthe inspection system to the relay system; receiving, by the relaysystem, the display contents transmitted from the inspection system; andtransmitting, by the relay system, the received display contents to aterminal device via the virtual private network, the terminal deviceaccessing to the inspection system.
 4. The engineering method accordingto claim 1, wherein the virtual private network is connected to theInternet, an access from the private network to the service which isprovided via the Internet is permitted, and an access from the Internetto the virtual private network is inhibited.
 5. The engineering methodaccording to claim 1, further comprising: examining an actualengineering system by performing a communication and permitting anaccess to the actual engineering system via the Internet, thecommunication being performed by using the service which is provided viathe Internet, the service being used by a third communication systemwhich is connected to the Internet, and the third communication systembeing connected to the actual engineering system established in a plant.6. An engineering method of establishing an engineering system, themethod comprising: performing a communication via a first network to avirtual system which is included in a first communication system, thevirtual system being for virtually establishing the engineering system;permitting a first access to the virtual system via the first network,the first access being from the outside of the virtual system;establishing an inspection system in a second communication system, theinspection system being for inspecting the engineering system which isvirtually established in the virtual system; and performing a secondaccess to the inspection system via a second network which is a securednetwork, the second access being from the outside of the inspectionsystem.
 7. The engineering method according to claim 6, wherein theaccess to the inspection system via the second network is indirectlyperformed by a relay system which is included in the secondcommunication system and accesses to the inspection system.
 8. Theengineering method according to claim 7, further comprising: converting,by the relay system, between a first protocol used in the second networkand a second protocol used in the second communication system.
 9. Theengineering method according to claim 7, further comprising: censoring,by the relay system, the access via the second network to the inspectionsystem.
 10. The engineering method according to claim 7, furthercomprising: transmitting, by the inspection system, display contentsdisplayed on the inspection system to the relay system; receiving, bythe relay system, the display contents transmitted from the inspectionsystem; and transmitting, by the relay system, the received displaycontents to a first terminal device via the second network, the firstterminal device accessing to the inspection system.
 11. The engineeringmethod according to claim 10, wherein a firewall, a screen outputterminal, and a second terminal device are disposed in the relay system,the screen output terminal makes a copy of the display contentsdisplayed on the inspection system, and the second terminal deviceaccepts a remote access from the first terminal device.
 12. Theengineering method according to claim 11, further comprising:inhibiting, by the firewall, a direct communication between the firstterminal device and the inspection system.
 13. The engineering methodaccording to claim 12, further comprising: permitting, by the firewall,a communication between the first terminal device and the secondterminal device; and permitting, by the firewall, a communicationbetween the second terminal device, the screen output terminal, and theinspection system.
 14. The engineering method according to claim 6,wherein the second network is connected to the first network, an accessfrom the second network to a service which is provided via the firstnetwork is permitted, and an access from the first network to the secondnetwork is inhibited.
 15. The engineering method according to claim 14,wherein the first network is the Internet, the second network is avirtual private network, and the service is an internet cloud servicewhich includes at least one of a mail service, an IP telephone service,a file sharing service, an instant messaging service, and a televisionconference service.
 16. The engineering method according to claim 14,further comprising: communicating, by a third communication system, withan actual engineering system by using the service, the actualengineering system being established in a plant, and the thirdcommunication system being connected to the first network and the actualengineering system.
 17. The engineering method according to claim 16,further comprising: examining the actual engineering system bypermitting an access to the actual engineering system via the firstnetwork.
 18. An establishing system for establishing an engineeringsystem comprising: a first communication system configured to beconnected to the Internet and equipped with a virtual system whichvirtually implements the engineering system, the first communicationsystem establishing the engineering system in the virtual system byperforming a communication and permitting an access to the virtualsystem via the Internet, the first communication system performing thecommunication by using a service which is provided via the Internet; anda second communication system configured to be connected to a virtualprivate network and equipped with an inspection system which inspectsoperations of the engineering system which is established in the virtualsystem, the second communication system inspecting the engineeringsystem by performing an access to the inspection system via the virtualprivate network.
 19. The establishing system according to claim 18,further comprising: a relay system disposed in the second communicationsystem and configured to access to the inspection system via the virtualprivate network.
 20. The establishing system according to claim 19,wherein the inspection system is configured to transmit display contentsdisplayed on the inspection system to the relay system, the relay systemis configured to receive the display contents transmitted from theinspection system, and the relay system is configured to transmit thereceived display contents to a terminal device, which accesses to theinspection system, via the virtual private network.